unbound-anchor ignores net.ipv6.conf.all.disable_ipv6=1 in /etc/sysctl.conf
Phil Mayers
p.mayers at imperial.ac.uk
Wed Nov 4 16:35:07 UTC 2015
On 04/11/2015 15:49, Tomas Hozza wrote:
> If you have some strong technical argument for this behavior I would
> be more than glad to hear it. The reason is that similar people will
> fight hard against having Unbound as the default DNS resolver in
> Fedora, which is our ultimate plan. Ability to spare hundreds of
> emails arguing with them would be great :)
Which "behaviour"?
I'm honestly confused. As far as I can tell, everything is working as
designed here.
The code tries to open an IPv6 socket, the kernel tries to load the
module, SELinux denies and logs this. Each of these items is by design.
Which are you suggesting should change?
Is it the audit log that is annoying people? If so, the SELinux policy
should be a dontaudit.
Can we agree that unbound-anchor should not be reading sysctls to change
it's behaviour?
More information about the Unbound-users
mailing list